Whatsapp traffic cannot recognize in PA for iPhone user.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Whatsapp traffic cannot recognize in PA for iPhone user.

L2 Linker

Recently iPhone users only facing in WhatsApp "connecting" message, User could not send a message and make a call 

on corporate wireless network But, working in mobile network.
It was working before, day by day users facing this issue is increasing. Still WhatsApp working for some of the iPhone users on same wireless network. 

Tried IOS software update and WhatsApp update as well but no luck.

Same is working for all andriod users even on old version of WhatsApp.

 

in firewall end, WhatsApp traffic is cannot recognized as whatsapp-base for iphone. it shows as unknown-tcp.

No recent changes in our firewall end.

 

 

 

Thanks,
Sharthu
49 REPLIES 49

L2 Linker

Another short update! We did another session of capturing traffic and generating a support package on our firewall. That was somewhere before Christmas. The latest news today was that they've handed this case over to 'engineering'. I'm really curious what those guys and girls are going to find!

To be continued...

L2 Linker

Palo Alto informed me that they have a fix for this issue. It will be included in a content version release that is scheduled for the third week of March (that should be somewhere around the 18th).

L2 Linker

It's the first week op April now and from what I heard this issue should have been fixed with a content-update. There was no mention of it in any release notes. But for me it didn't. Anyone else here still sees this whatsapp-issue?

Later today I'll be in another live session to let PA-engineers have a look around in our firewall.

L2 Linker

Solved for a long time for us.

L2 Linker

The issue is resolved for us as well. After several sessions with engineers from Palo Alto (we spent quite a few hours!) we solved this issue by placing an allow-rule right above the deny-rule that blocked the Whatsapp-traffic.

The deny-rule that caused Whatsapp to fail is a rule that denies traffic classified as 'unknown-tcp' from one zone to another. At the time this rule is being evaluated there apparently are not enough packets to conclusively categorise it as 'whatsapp-base'. And since it is still 'unknown-tcp' it will get dropped immediately and won't be analysed any longer.

We placed an allow-rule right above the deny-rule where source and destination are the same and on the 'Application'-tab we added only the application 'whatsapp'. The reasoning is that by allowing this traffic in this way the firewall gets a little bit of extra time (and possibly packets) to conclusively recognise the traffic as 'whatsapp-base'.

From the moment we added this rule we see that the traffic no longer shows up as 'unknown-tcp' but is being classified as 'whatsapp-base' correctly.

It's bit odd to have to place an allow-rule above a deny-rule and there is no explanation why the traffic isn't being recognised up til the deny-rule and is recognised by adding an allow-rule. But since this is an old 3020 model with PanOS 9.x and it will be replaced later this year we will live with that.

  • 12981 Views
  • 49 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!